CVE-2013-1799 : Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

Published 2013-04-02 03:23:26

Updated 2023-02-13 04:41:16

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-1799

Gnome » Gnome Online Accounts » Version: 3.6.0
cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.6.1
cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.6.2
cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.7.1
cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.7.3
cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.7.2
cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.7.4
cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*
Matching versions
Gnome » Gnome Online Accounts » Version: 3.7.90
cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-1799

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1799

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-1799

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1799

http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html

openSUSE-SU-2013:0301-1: moderate: gnome-online-accounts: enable ssl cer

CVEs referencing this url
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html

GNOME Online Accounts 3.7.91 released
https://bugzilla.gnome.org/show_bug.cgi?id=693214

Bug 693214 – CVE-2013-0240: fails to verify SSL certificates when creating accounts

CVEs referencing this url
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html

GNOME Online Accounts 3.6.3 released

CVEs referencing this url
http://ubuntu.com/usn/usn-1779-1

USN-1779-1: GNOME Online Accounts vulnerability | Ubuntu security notices

CVEs referencing this url
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8

Guard against invalid SSL certificates (9cf4bc0c) · Commits · GNOME / gnome-online-accounts · GitLab
https://bugzilla.gnome.org/show_bug.cgi?id=695106

Bug 695106 – CVE-2013-1799: Do not send the credentials before notifying the user of an invalid SSL certificate

Jump to

Vulnerability Details : CVE-2013-1799

Products affected by CVE-2013-1799

Exploit prediction scoring system (EPSS) score for CVE-2013-1799

CVSS scores for CVE-2013-1799

CWE ids for CVE-2013-1799

References for CVE-2013-1799